• All
  • Conference
  • Cybersecurity news
  • Opinion
  • Poster series
  • Publications
  • Resources

The 1st University of St. Gallen Grand Challenge ‘The EU AI Act’ – A Grand Success for LegalAIzers

Our former Ph.D. researcher Pier Giorgio Chiara – who defended his thesis on ‘Security and Privacy of resource-constrained devices’ under the supervision of Prof. Cole in March 2023 – together with his team ‘LegalAIzers’ won the 1st University of St. Gallen Grand Challenge on the EU AI Act. The Grand Challenge seeks to clarify how to … Continued

New Publication in Oxford Academic’s Journal of Cybersecurity: Defining the Reporting Threshold for a Cybersecurity Incident under the NIS Directive and the NIS 2 Directive

Our most recent publication is based on the presentation given at BILETA 2022 at the University of Exeter in April 2022. This paper reflects on the final text of the NIS 2 Directive as adopted on 14 December 2022. Following the risk-based approach adopted in the NIS Directive, the NIS 2 Directive enlists as a … Continued

New Publication: EDPB Opinion on the European Commission’s Draft Adequacy Decision regarding the EU-U.S. Data Privacy Framework: Is the Scene Set for Schrems III?

In March 2022, the European Commission and the U.S. government announced the political agreement on a new EU-U.S. Data Privacy Framework to replace the Privacy Shield Framework which had been struck down by the CJEU in the case of Schrems II. The new framework seeks to establish the legal basis for transatlantic data flows to … Continued

NIS Directive Commentary Update: Art. 8 National Competent Authorities and Single Point of Contact

The NIS Directive Commentary has been updated with regard to Article 8. Articles 1, 3 and 7 NIS Directive foresee the adoption of a national framework by each Member State including a strategy on NIS security as well as regulatory measures covering OESs and DSPs. The envisaged increase of Member States’ capabilities further requires a … Continued

The Proposal for an EU Cyber Solidarity Act

On 18 April 2023, the European Commission adopted a Proposal for a Regulation laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cybersecurity threats and incidents (Proposal for an EU Cyber Solidarity Act) along with a Commission Communication setting up a Cybersecurity Skills Academy. The EU … Continued

New Publication: Refining the Mandatory Cybersecurity Incident Reporting Under the NIS Directive 2.0: Event Types and Reporting Processes

Our second contribution to the Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media outlines the new incident reporting obligations under the NIS 2 Directive as foreseen in the original Commission Proposal for a NIS 2 Directive and further discussed during the trilogue negotiations. The NIS Directive (NISD) and sector-specific cybersecurity regulations … Continued

NIS Directive Commentary Update: Art. 11 Cooperation Group

The work on the NIS Directive Commentary continues and we have published the commentary to Art. 11 NIS Directive, which also addresses the new tasks imposed upon the NIS Cooperation Group under Art. 14 NIS 2 Directive. One of the priorities of the NIS Directive was to improve the cooperation between Member States in the … Continued

New Publication: The Transnational Dimension of Cybersecurity: The NIS Directive and Its Jurisdictional Challenges

Paula Contreras’ paper “The transnational dimension of cybersecurity: the NIS Directive and its jurisdictional challenges” analyses and compares the jurisdictional rules applicable to cross-border actors under the NIS Directive and the NIS 2 Proposal. It also comparatively examines the jurisdictional rules of two further EU regulatory instruments applicable to digital services—the GDPR and the DSA … Continued

National Cybersecurity Strategies in the EU: Overview

National cybersecurity strategies emerged in Europe mainly after the 2007 cyberattack campaign against Estonia and the Commission Communication ‘Digital Agenda for Europe’, a flagship initiative under the Europe 2020 Strategy. In 2007, coordinated cyber attacks were launched against Estonian government agencies, banks, and media and telecommunications companies. In the follow-up of these events, Estonia became … Continued

NIS Directive Commentary Update: Article 6 Significant Disruptive Effect

The EnCaViBS project team continues to update the commentary to the NIS Directive with a comment on Article 6 NIS Directive. Article 6 NIS Directive concerns the factors to be taken into account when determining the significance of a disruptive effect as referred to in Article 5(2)(c) NIS Directive. The comment outlines the cross-sectoral and sector-specific … Continued

Commentary to the NIS Directive – Update

One of the main deliverables of the EnCaViBS project is a living commentary to the NIS Directive. A legal commentary can be a useful resource for providing current information on specific legislation. Legal commentaries usually refer to legal practice, and help to form structures and to define principles in individual areas of law. The main … Continued

New Publication: EDPB Adopts updated Guidelines on Personal Data Breach Notification under GDPR: The End of the One-Stop-Shop Reporting Mechanism for Non-EU Establishments

The NIS Directive introduced the reporting of security incidents for operators of essential services and some digital service providers. Likewise, the General Data Protection Regulation introduced the requirement for a personal data breach to be notified to the competent national supervisory authority and, in certain cases, to communicate the breach to the individuals whose personal … Continued

New Publication: Towards an Efficient and Coherent Regulatory Framework on Cybersecurity in the EU: The Proposals for a NIS 2.0 Directive and a Cyber Resilience Act

Cybersecurity regulation in the EU has long been implemented in a piece-meal fashion resulting in a fragmented regulatory landscape. Recent developments triggered the EU to review its approach which has not resulted in the envisaged high level of cyber resilience across the Union. Our paper addresses the EU’s limited mandate to regulate cybersecurity and outlines … Continued

When Security Interests Collide: Weakening End-to-End Encyrption? – A Brief Note on Recital 98 NIS 2 Directive

In November 2020, the Council of the European Union published the Council Resolution on Encryption, in which the necessity for security through encryption and for security despite encryption is emphasized. The Resolution is based on the assumption that access to encrypted content is becoming increasingly important for competent authorities in the area of security and … Continued

16 January 2023: The NIS 2 Directive Enters into Force

Today, the NIS 2 Directive (Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive), OJ L 333, 27.12.2022, p. 80–152) enters into force. … Continued

New Publications Forthcoming

With the end of EnCaViBS approaching, we are happy to announce that some of our interim research results will soon be published. All publications will be open access and include the following: Paula Contreras, ‘The Transnational Dimension of Cybersecurity – The NIS Directive and its Jurisdictional Challenges’ in: C. Onwubiko, P. Rosati, A. Rege, A. … Continued

The NIS 2.0 Directive Enters into Force in January

Following the adoption of the NIS 2 Directive by the European Parliament and the Council in November, the new NIS Directive (Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, … Continued

Memorandum of Understanding between ENISA and EDPS

On 30 November 2022, the European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski and Juhan Lepassar, the Executive Director of ENISA, signed a Memorandum of Understanding which establishes a strategic framework for increased cooperation between ENISA and the EDPS. Th Memorandum of Understanding has been agreed in recognition of the common interest of EDPS and ENISA … Continued

Council Adopts NIS2

On Monday, 28 November 2022, the Council adopted the NIS2 Directive, which will now be published in the Official Journal of the EU in the coming days to entry into force. Member States will then have 21 months from the entry into force to transpose the Directive into national law.

PG Chiara – The Cyber Resilience Act: the EU Commission’s Proposal for a Horizontal Regulation on Cybersecurity for Products with Digital Elements

Pier Giorgio Chiara, who has in the past contributed to this blog on several occassions, has published a research article on the CRA Proposal in the International Cybersecurity Law Review ([2022] 225 – 272). His article outlines the content of the CRA Proposal and also addresses the interplay with the forthcoming NIS 2.0 Directive. Abstract: … Continued

European Parliament Adopts NIS 2.0 Directive and Digital Operational Resilience Act

The Proposal for a NIS 2.0 Directive has been adopted at first reading with 577 votes to 6, with 31 abstentions at the Parliament’s plenary session of 10 November 2022. Since political agreement had been reached in June 2022, work had continued at technical level to finalise the provisional agreement on the full legal text. … Continued

ENISA Threat Landscape 2022: Geopolitical Tensions as a Game Changer

On 3 November 2022, the EU Agency for Cybersecurity, ENISA, published its Threat Landscape 2022 (ETL) Report. The 10th edition of the Report covers the reporting period of July 2021 up to July 2022. The Report’s content is gathered from open sources such as media articles, expert opinions, intelligence reports, incident analysis and security research reports; … Continued

The Cyber Resilience Act Proposal: New Horizontal Cybersecurity Requirements for Hardware and Software Products

Guest Author: Pier Giorgio Chiara The EU Commission presented on 15 September 2022 a proposal for a regulation ‘on horizontal cybersecurity requirements for products with digital elements and amending Regulation (EU) 2019/1020’, known as the Cyber Resilience Act (CRA). The Act, building on the 2020 EU Cybersecurity Strategy for the digital decade, will bolster cybersecurity … Continued

EnCaViBS Poster Series: Pseudonymisation Techniques – the Case of the Health Sector

The healthcare sector is one of the sectors covered by the NIS Directive. Healthcare has highly benefited from technological progress and digitalisation. With the integration of new technologies, new challenge emerge in relation to data protection and cybersecurity. New challenges are also linked to the extended information exchange among healthcare service providers. Large volume of … Continued

EnCaViBS Poster Series: Joint Cyber Unit

Beyond the NIS Directive with its focus on incident reporting and threat information sharing, there are a number of further activities at EU level to tackle the rising number of cybersecurity incidents. On 23 June 2021, the European Commission proposed a Joint Cyber Unit to bring together resources and expertise available to the EU and … Continued

EnCaViBS Poster Series: Tasks and Role of ENISA

The European Union Agency for Cybersecurity (ENISA) plays an important role in the European cybersecurity ecosystem. The Agency works with organisations and businesses to strengthen trust in the digital economy, boost the resilience of the EU’s infrastructure, and keep EU citizens digitally safe. Under the NIS Directive, ENISA is tasked with assisting the Member States … Continued

EnCaViBS – Summary Report on Cooperation

Our interdisciplinary project EnCaViBS inter alia evaluates the implementation of the NIS Directive in the EU Member States. One of our focus points also in terms of the NIS 2.0 Proposal is the assessment of the different cooperation mechanisms introduced by the NIS Directive. In that regard we asked the single points of contact (SPOCs), … Continued

EnCaViBS Contribution to the MISP Project

Responding effectively to the the challenges of NIS security requires inter alia the exchange of information on risks and incidents. Accordingly, the NIS Directive requires OESs and DSPs to report incidents with a significant/substantial impact. A key deliverable of the NIS Directive is also the creation of a computer security incident response teams network (‘CSIRTs … Continued

NIS 2.0 Directive – Status Quo Update

Trilogue interinstitutional negotiations on a NIS 2.0 Directive started on 13 January 2022 with a political agreement reached as early as 13 May 2022. In a meeting on 20 July 2022, the Council Presidency has now presented its revised Presidency compromise text for a NIS 2.0 Directive to the Permanent Representatives Committee seeking authorisation to request … Continued

Gikii 2022 Welcomed Us to Iceland

Sandra participated on behalf of the EnCaViBS team at this year’s Gikii conference at the University of Reykjavik in Iceland. Gikii, which exists since 2006, is THE original geek law conference and explores the interface between law and popular culture. The conference call invited contributions that had a link with sci-fi, fantasy, robots, AI, comic … Continued

One Step Ahead: Mapping the Italian and German Cybersecurity Laws Against the Proposal for a NIS2 Directive

Pier Giorgio Chiara, Ph.D. student under the LASTJD-programme (Marie Sklodowska-Curie ITNEJD “Law, Science and Technology Rights of Internet of Everything” grant agreement No 814177) and Sandra Schmitz have just published with the International Cybersecurity Law Review on the advancement of Italian and German cybersecurity legislation compared to the Proposal for a NIS2 Directive. Their Article … Continued

International Conference on Cybersecurity, Situational Awareness and Social Media (Cyber Science 2022) – Presentations online

The International Conference on Cybersecurity, Situational Awareness and Social Media (Cyber Science) is a multidisciplinary conference and was this year held at Cardiff Metropolitan University, Wales, UK. Cyber Science is the flagship conference of the Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC) focusing on pioneering research and innovation in Cyber Situational Awareness, Social Media, … Continued

Cyber Science 2022

The EnCaViBS team will present its research tomorrow at Cyber Science 2022 hosted by Cardiff Metropolitan University. The International Conference on Cybersecurity, Situational Awareness and Social Media (Cyber Science 2022) is a multidisciplinary conference. It brings academics, researchers, practitioners and participants together to share and discuss new and emerging ideas, concepts and research outcomes. The … Continued

EnCaViBS Poster Series: NISD in a Nutshell – Penalties

CPDP 2022 in Review

Following a virtual event in 2021, this year’s CPDP returned to a hybrid mode with more than 400 international speakers from academia, public and private sectors and civil society. The stellar opening event on Sunday, 22 May 2022, saw inter alia activist and security specialist Chelsea Manning speak about the urgency of private and secure … Continued

EnCaViBS Poster Series: NISD in a Nutshell – Jurisdiction

Maturity of Technical Protection Measures

A key element of the NIS Directive is the obligation to implement appropriate security measures that pay regard to the state of the art. The appropriateness of a specific measure has to be assessed in a risk-based approach, thus, there is no one size fits all approach. With the entry into force of the NIS … Continued

Coordinated Vulnerability Disclosure Policies in the EU

On 13 April 2022, the European Union Agency for Cybersecurity (ENISA) published a report on national coordinated vulnerability disclosure (CVD) policies in the EU Member States. Coordinated vulnerability disclosure is a process by which vulnerabilites finders work together and share information with the relevant stakeholders such as vendors or ICT infrastructure owners. The ENISA report … Continued

NIS Directive 2.0 – Political Agreement Reached

Negotiators from the trilogue parties reached a provisional political agreement on the NIS Directive 2.0 on 13 May 2022. MEP Bart Groothuis provided an update on the result of the fourth round of inter-institutional negotiations in an interview with Luca Bertuzzi of Euractiv. As regards the scope of the new Directive, agreement was reached as … Continued

NISDUC Conference 2022: How to Tackle the Implementation of NIS/NIS 2.0?

On 10 and 11 May, the NISDUC consortium invited to the first NISDUC conference in Luxembourg. The conference aimed at developing a community of practice around the NIS Directive, sharing knowledge and exchanging practices, as well as gaining some hands-on experience in training sessions. Representing EnCaViBS, Sandra outlined how the implementation of the NIS Directive … Continued

Cyber Science 2022

EnCaViBS has two papers accepted at Cyber Science 2022 – International Conference on Cybersecurity, Situational Awareness and Social Media hosted by Cardiff Metropolitan University. The conference takes place from 20 to 21 June 2022. Paula Contreras will present her research on jurisdictional challenges under NIS and NIS 2.0, while Sandra will further elaborate on the … Continued

BILETA 2022 Taylor and Francis Prize Awarded to EnCaViBS

The Taylor and Francis Prize 2022 of BILETA 2022 has been awarded to EnCaViBS team member Sandra Schmitz for her paper “To Report, or Not to Report, that Is the Question! The Struggle in Determining a Report-Worthy Cyber Incident”, advocating for an extension of reporting obligations in the new NIS 2.0 Directive. All conference participants were … Continued

37th BILETA 2022: EnCaViBS Has Been on Board with Two Presentations

The EnCaViBS team successfully presented their research at this year’s BILETA conference held at the University of Exeter. With COVID-19 restrictions lifted, the team attended their first face-to-face event since the project started in 2019. Our new R&D specialist, Paula Contreras presented her paper “The transnational dimension of cyber security. The NIS Directive and its … Continued

The Importance of a High Level of Cybersecurity: Cyberattacks to Debilitate States

Following an increase of cyberattacks during the coronavirus crisis, the latest cyberattacks – predominantly on Ukranian government and infrastructures – sheds light to a further aspect of the necessity for a high level of cyberresilience. Cyberattacks targeting essential services have the potential to inter alia destroy infrastructure, affect drinking water supply, hamper electricity and telecommunication … Continued

2nd Paper Accepted at the 37th BILETA Annual Conference 2022

Our new team member Paula Contreras will also present her research on the NIS Directive at the 37th BILETA Annual Conference. Her paper delves into the jurisdictional challenges that arise from the NIS Directive and identifies the shortcomings of the legal provisions on jurisdiction. It also advances the idea that the Directive ambiguities have given … Continued

Luxembourg Chairs the New European Cybersecurity Competence Centre

Pascal Steichen, Managing Director of SECURITYMADEIN.LU, has been elected Chair of the Governing Board of the new European Cybersecurity Competence Centre. The Governing Board of the Centre is composed of representatives from the Member States (27 members), the Commission (2 members) and ENISA (1 permanent observer). During the same meeting, the list of National Coordination Centers officially … Continued

Paper Accepted at the 37th BILETA Conference 2022

Our proposal ‘To Report, or Not to Report, that Is the Question! The Struggle in Determining a Report-Worthy Cyber Incident’ has been accepted for presentation at the annual conference of the British and Irish Law Education and Technology Association (BILETA). The conference will take place on 12-14 April at the University of Exeter, UK. Registrations … Continued

New Publication: Responsible Vulnerability Disclosure under the NIS 2.0 Proposal

Both, the NIS Directive and the GDPR introduce breach reporting obligations. In particular, in the case of the GDPR this might include an obligation to go public about an incident. These legal obligations might be in conflict with good/common practice of responsible vulnerability disclosure. This paper briefly outlines reporting duties under NISD and GDPR and … Continued

NIS 2.0: Council of the European Union General Approach

On 26 November 2021, the Council of the European Union published a draft compromise proposal for a NIS 2.0 Directive. The document also identifies as main political issues: the scope of the NIS 2.0 proposal, the inclusion of public administration under the scope of NIS 2.0, the exclusion clause of Art. 2(3)(a) NIS 2.0 proposal, … Continued

CPDP 2022: New Dates Announced!

The world-leading multidisciplinary conference CPDP will take place from Monday 23 May 2022 to Wednesday 25 May 2022 in Brussels. CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, industry and civil society … Continued

New Publication: Cybersecurity is Gaining Momentum – NIS 2.0 is on its Way

A comment on the NIS 2.0 proposal has been published in the European Data Protection Law Review.

CPDP 2022 Postponed

We were looking forward to fruitful discussions within our EnCaViBS session at the 15th International Conference Computers, Privacy and Data Protection (CPDP) 2022 in January in Brussels. Due to the current developments to tackle the COVID-19 pandemic, the CPDP Programming and Scientific Committees have decided to postpone the 2022 conference to spring 2022. The announcement … Continued

Cybersecurity@CEPS Summit – Panel Discussion available Online

The Cybersecurity@CEPS summit 2021 took place on 1 and 2 December 2021. Sandra discussed the status of NIS 2.0 with Eva Kaili (Member of European Parliament and NIS2 Shadow rapporteur), Svetlana Schuster (Head of Sector Implementation and Review of the NIS Directive, DG CONNECT, European Commission) and Florian Pennings (Director Government Affairs Cybersecurity, Microsoft). The … Continued

Cybersecurity@CEPS Summit 2021

Once again, Sandra is invited to speak at the annual Cybersecurity@CEPS Summit. The 2021 summit “Building Cyber Resilience for a sustainable Post Pandemic Recovery“, held on 1-2 December 2021 aims to contribute to the next steps of the EU’s evolving cybersecurity efforts. Accordingly day one focuses on the NIS 2.0 proposal, while day two addresses … Continued

Università Bocconi School of Law “Quo Vadis, EU (Law)?”

It has been a great honour and a pleasure for Sandra to participate at the Bocconi School of Law’s hybrid conference “Quo Vadis, EU (Law)?” on 12 November 2021. The conference saw distinguished legal scholars such as Bruno de Witte (Maastricht University) and Paul Nemitz (Principal Adviser on Justice Policy, EU Commission) discussing how the … Continued

Germany: The IT Security Act 2.0

On 28 May 2021, the German IT Security Act 2.0 entered into force and introduces a number of changes to the existing regulation of critical infrastructures (corresponding to essential services under the NIS Directive) already covered by the BSI Act (Gesetz über das Bundesamt für Sicherheit in der Informationstechnik (BSI-Gesetz)). These changes include: expansion of … Continued

Quo Vadis EU (Law)?

Sandra Schmitz is an invited speaker at the conference “Quo vadis, EU (Law)?” held on 11-12 November 2021 at Bocconi University, Milan. Within the session on Digital Europe, she will present on “Cybersecurity, the AI Act and State of the Art”.

New Publication: Comment on the Council Resolution on Encryption and Recital 54 NIS 2.0 Proposal

One year ago, the Council of the European Union published the Council Resolution on Encryption, in which the necessity for security through encryption and for security despite encryption is emphasized. The resolution is based on the assumption that access to encrypted content is becoming increasingly important for competent authorities in the area of security and … Continued

How NIS 2.0 Aims to Enhance Cooperation

The NIS Directive required Member States to designate competent authorities in the field of network and information security for inter alia monitoring compliance. Further central contact points as liaison offices for supranational cooperation and computer security incident response teams  (CSIRTs) had to be designated. The CSIRTs collaborate in the CSIRTs Network “to contribute to developing … Continued

Translations of the National Transpositions of the NIS Directive

We are currently updating our websites with translations of the national transpositions of selected Member States. The selection was based on a variety of factors (including geographical spread, centralised or decentralised supervisory regime) in order to represent a comprehensive overview of the diverging measures. The database of translations is an important source for the NIS … Continued

NIS 2.0: The European Parliament Suggests Amendments to Commission Proposal

In May 2021, the European Parliament’s Committee on Industry, Research and Energy published a draft report on the Commission proposal for a NIS 2.0 Directive (Rapporteur: Bart Groothuis). The Rapporteur welcomes the Commission proposal for a NIS 2.0 Directive, and in particular, the expansion of the scope of the Directive. The Report suggests a further … Continued

Forthcoming: 1st Privacy-LawIT-Lab Workshop

Since the on-going pandemic makes it difficult to organise on-site events, we have decided to hold the first EnCaViBS workshop as a virtual event. The workshop constitutes the launch of the Privacy-LawIT-Lab, which will regularly host interdisciplinary workshops in the field of Law and IT with a special focus on cybersecurity. The workshop takes place … Continued

EnCaViBS featured in the Cybersecurity Awareness Calendar

EnCaViBS is featured in the Cybersecurity Awareness Calendar of the European Cybersecurity Organsation (ECSO) as part of the August 2021 Cybersecurity Summer School. Each month, the Awareness Calendar features a key aspect of cybersecurity and showcases ECSO members’ and partners’ solutions and services in the relevant areas to potential users. Since summer is the ideal … Continued

The EnCaViBs Team Contributed to the Final Study Report to Support the NIS 1.0 Review

EnCaViBs’ legal team contributed as external experts to the Study to support the review of Directive (EU) 2016/1148concerning measures for a high common level of security of network and information systems across the Union (NIS Directive) – No. 2020-665. The report has been prepared for the European Commission and has been published in June 2021 … Continued

IFIP Summer School 2021: Workshop on Defining State-of-the-Art

With only a few days to go until the IFIP summer school 2021, we are happy to announce that Sandra will lead a workshop related to EnCaViBS on 19 August 2021. The workshop aims to contribute to defining the concept of ‘state of the art’ in the context of IT security. Workshop Abstract: In the … Continued

Commission Proposal for an Artificial Intelligence Act

On 21 April 2021, the European Commission published a Proposal for a Regulation laying down harmonised rules on artificial intelligence and amending certain Union legislative acts (COM/2021/206 final). Considering that the same elements and techniques that power the socio-economic benefits of AI can also bring about new risks or negative consequences for individuals or the … Continued

Cybersecurity Breakfast #48 with Stefan Schiffner

Cybersecurity Luxembourg regularly organises “Cybersecurity Breakfasts”. The breakfast #48 headed Can we use the CyberSecurity Act (CSA) to improve the current information security baseline? features a roundtable discussion where Stefan will present our research. Date: 22 July 2021 Time: 8:45 a.m. Location: virtual For more information and registration see: https://breakfast.cybersecurity-luxembourg.com/csb48

Paper Accepted at DSRI Herbstakademie 2021

Our paper “Ein Schritt vor, zwei Schritte zurück – Rechtliche und technische Implikationen einer verpflichtenden Zugriffsmöglichkeit auf verschlüsselte Daten” (“One step forward, two steps backward – legal and technical implications of a compulsory access to encrypted data”) has been accepted for the 22nd annual conference of the German trust for law and informatics. We critically … Continued

16th IFIP Summer School on Privacy and Identity Management

The EnCaViBS team hosts the 16th IFIP Summer School on Privacy and Identity Management in Belval. The school is interactive in character: the aim is to encourage young academic and industry entrants to the privacy and identity management world to share their own ideas, build up a network, test presentation skills, and potentially publish a … Continued

Overview of Competent Authorities under the NIS Directive

The subsequent document provides an overview of national single point of contacts, competent authorities and CSIRTs and the respective contact data.National-authorities-SPOC-CSIRT-CorpDDownload

Comments on the NIS 2.0 Proposal

The proposal for a NIS 2.0 Directive was welcomed at large. Since the publication of the proposal in December 2020, a variety of stakeholders have issued statements or have been responding directly to the Commission initiative. For some, the proposal reaches too far, while others stress a need to alignment with further initiatives in the … Continued

Whistleblowing or Denunciation?

Very interesting discussions at the Ethics in the Age of Smart Systems where Bettina Berendt of the Weizenbaum Institut and I presented our work towards Ethical and Technical Opportunities in the Age of Electronic Communication. While we are all convinced that anonymity (provided by anonymous communication technology) can help to early discover fraud and other … Continued

New Publication: Synergies in Cybersecurity Incident Reporting – The NIS Cooperation Group Publication 04/20 in Context

A central element of EU cybersecurity legislation is the reporting of security breaches. Mandatory reporting to national authorities promotes a culture of risk management, while also providing for the sharing of information about vulnerabilities. In this line, the GDPR introduced reporting obligations for data controllers based on the assumption that security challenges and relevant mitigation … Continued

BILETA Conference 2021: Taken by Surprise: (Re-)Constituting the Critical in an Age of Digital and Pandemic

14 – 16 April 2021 We are present at the annual conference of the British and Irish Law Education and Technology Association and present the following papers: Sandra Schmitz/Stefan Schiffner: “Every Student Can Learn, just not on the same Day” –  Data Protection and Cybersecurity Challenges for E-Learning Platforms Abstract When George Evans stated that … Continued

New Research Article published: Don’t tell them now (or at all) – responsible disclosure of security incidents under NIS Directive and GDPR

In this article, we critically analyse the timeline for notifications of third parties under the NIS Directive and the GDPR in the case of security and privacy incidents from a legal and technical perspective. While a need to mitigate an immediate risk of damage for an individual would call for prompt notification of data subjects, … Continued

The EU’s Cybersecurity Strategy for the Digital Decade

Guest author: Pier Giorgio CHIARA On 16 December 2020, the European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented a new EU Cybersecurity Strategy (JOIN(2020) 18 final). The new strategy lays down the framework within which the Proposal for a NIS 2.0 and the Proposal for a Directive … Continued

Proposal for NIS 2.0

On 16 December, the European Commission adopted a Proposal for a Directive on Measures for High Common Level of Cybersecurity across the Union (COM(2020) 823 final). Undoubtedly the NIS Directive contributed to a significant change in the regulatory approach to cybersecurity in many Member States. However, increased digitisation of the internal market and digital transformation … Continued

Open letter on crypto and recent attacks

Recently a Resolution by the Council of the EU has been leaked titled “Encryption — Security through encryption and security despite encryption“. Beside the unsettling play with different interpretations of “Security”, the resolution requires “Competent authorities must be able to access data in a lawful and targeted manner [..]”. While not explicitly requiring backdoors or … Continued

New EU Cybersecurity Platform: The European Cybersecurity Atlas

The European Cybersecurity Atlas, a digital knowledge management platform created by the European Commission, will map, categorise and stimulate collaboration between European cybersecurity experts in support of the EU Digital Strategy. The Atlas is considered an important support to the forthcoming European cybersecurity competence centre. For more info see https://ec.europa.eu/digital-single-market/en/news/european-cybersecurity-atlas

…and the new ECCC goes to: Bucharest!

On 9 December 2020, representatives of the governments of the EU member states selected Bucharest, Romania, as the seat of the new European Cybersecurity Industrial, Technology and Research Competence Centre. Proposals for the selection of the seat included beside Bucharest: Luxembourg, Leon (Spain), Warsaw (Poland), Vilnius (Lithuania), Munich (Germany), and Brussels (Belgium). Background: On 12 … Continued

Cybersecurity@CEPS SUMMIT 2020

Sandra was an invited speaker at this year’s Cybersecurity@CEPS SUMMIT “Policy Challenges for the EU Cybersecurity”. The online event focussed on the review of the NIS Directive and the need of cybersecurity requirements for ICT products. On 2 December, Sandra presented and discussed with fellow panellists Alessandro Zamboni (Partner and Head of Wavestone European Services), … Continued

Don’t Tell Them now (or at all) – End User Notification Duties under GDPR and NIS Directive

Sandra and Stefan Present their paper on End User Notification Duties under GDPR and NIS Directive at BILETA. You can watch our presentation video here. The paper is under publication.

IFIP Summer School on Privacy and Identity Management

Stefan is co-chair of the 15th IFIP Summer School on Privacy and Identity Management. Due to the coronavirus spread, the Summer School was rescheduled, and will be held in conjunction with IFIP SEC 2020 in Maribor, Slovenia, on 20-23 September, 2020. In case that a physical conference is not feasible, the summer school will be … Continued

Paper Accepted at APF2020

Tracking without Traces—Fingerprinting in an Era of Individualism and Complexity Abstract. Fingerprinting is a ready-to-use technology that exploits the diversity and complexity of today’s personal computing devices. Since fingerprinting leaves little to no trace, Do Not Track (DNT) policies are hard to enforce. The upcoming ePrivacy Regulation must consider this technological reality. In this opinion paper, … Continued

Can we ban AI?

At CPDP Mark was Moderator of a panel on artificial intelligence. The estimated compound annual growth rate of the global emotion analytics market is 32.7 percent over the forecast period from 2018 to 2023, expecting the market to reach 24.74 billion US-dollars  by 2020. In addition, AI enters our home, our private lives and can … Continued

Recent Posts